What the vulnerability does
01Description
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
CVSS base score
6.5/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Key dates
02Disclosure timeline
September 4, 2018
CVE published
August 5, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-42928 Deserialization Vulnerability in SAP jConnect - SDK for ASE
CVE-2023-3324 Insecure deserialization in zenon internal DLLs
CVE-2023-0960 SeaCMS Picture Management config.ftp.php deserialization
CVE-2019-11286 JMX Credential Deserialization in GemFire
CVE-2025-15276 FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
